您好,登錄后才能下訂單哦!
這篇文章主要講解了ssh免密碼登錄配置方法的詳細(xì)解析,內(nèi)容清晰明了,對(duì)此有興趣的小伙伴可以學(xué)習(xí)一下,相信大家閱讀完之后會(huì)有幫助。
首先,說(shuō)明一下我們要做的是,serverA 服務(wù)器的 usera 用戶免密碼登錄 serverB 服務(wù)器的 userb用戶。
我們先使用usera 登錄 serverA 服務(wù)器
[root@serverA ~]# su - usera [usera@serverA ~]$ pwd /home/usera
然后在serverA上生成密鑰對(duì)
[usera@serverA ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/usera/.ssh/id_rsa): Created directory '/home/usera/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/usera/.ssh/id_rsa. Your public key has been saved in /home/usera/.ssh/id_rsa.pub. The key fingerprint is: 39:f2:fc:70:ef:e9:bd:05:40:6e:64:b0:99:56:6e:01 usera@serverA The key's randomart image is: +--[ RSA 2048]----+ | Eo* | | @ . | | = * | | o o . | | . S . | | + . . | | + . .| | + . o . | | .o= o. | +-----------------+
此時(shí)會(huì)在/home/usera/.ssh目錄下生成密鑰對(duì)
[usera@serverA ~]$ ls -la .ssh 總用量 16 drwx------ 2 usera usera 4096 8月 24 09:22 . drwxrwx--- 12 usera usera 4096 8月 24 09:22 .. -rw------- 1 usera usera 1675 8月 24 09:22 id_rsa -rw-r--r-- 1 usera usera 399 8月 24 09:22 id_rsa.pub
然后將公鑰上傳到serverB 服務(wù)器的,并以u(píng)serb用戶登錄
[usera@portalweb1 ~]$ ssh-copy-id userb@10.124.84.20 The authenticity of host '10.124.84.20 (10.124.84.20)' can't be established. RSA key fingerprint is f0:1c:05:40:d3:71:31:61:b6:ad:7c:c2:f0:85:3c:cf. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.124.84.20' (RSA) to the list of known hosts. userb@10.124.84.29's password: Now try logging into the machine, with "ssh 'userb@10.124.84.20'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
這個(gè)時(shí)候usera的公鑰文件內(nèi)容會(huì)追加寫入到userb的 .ssh/authorized_keys 文件中
[usera@serverA ~]$ cat .ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbusPCUWReD/mfTWpDEErHLWAxnixGiXLvHuS9QNavepZoCvpbZWHade88KLPkr5XEv6M5RscHXxmxJ1IE5vBLrrS0NDJf8AjCLQpTDguyerpLybONRFFTqGXAc/ximMbyHeCtI0vnuJlvET0pprj7bqmMXr/2lNlhIfxkZCxgZZQHgqyBQqk/RQweuYAiuMvuiM8Ssk/rdG8hL/n0eXjh9JV8H17od4htNfKv5+zRfbKi5vfsetfFN49Q4xa7SB9o7z6sCvrHjCMW3gbzZGYUPsj0WKQDTW2uN0nH4UgQo7JfyILRVZtwIm7P6YgsI7vma/vRP0aw== usera@serverA
查看serverB服務(wù)器userb用戶下的 ~/.ssh/authorized_keys文件,內(nèi)容是一樣的,此處我就不粘貼圖片了。
[userb@serverB ~]$ cat .ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbusPCUWReD/mfTWpDEErHLWAxnixGiXLvHuS9QNavepZoCvpbZWHade88KLPkr5XEv6M5RscHXxmxJ1IE5vBLrrS0NDJf8AjCLQpTDguyerpLybONRFFTqGXAc/ximMbyHeCtI0vnuJlvET0pprj7bqmMXr/2lNlhIfxkZCxgZZQHgqyBQqk/RQweuYAiuMvuiM8Ssk/rdG8hL/n0eXjh9JV8H17od4htNfKv5+zRfbKi5vfsetfFN49Q4xa7SB9o7z6sCvrHjCMW3gbzZGYUPsj0WKQDTW2uN0nH4UgQo7JfyILRVZtwIm7P6YgsI7vma/vRP0aw== usera@serverA
另外我們要注意,.ssh目錄的權(quán)限為700,其下文件authorized_keys和私鑰的權(quán)限為600。否則會(huì)因?yàn)闄?quán)限問(wèn)題導(dǎo)致無(wú)法免密碼登錄。我們可以看到登陸后會(huì)有known_hosts文件生成。
[useb@serverB ~]$ ls -la .ssh total 24 drwx------. 2 useb useb 4096 Jul 27 16:13 . drwx------. 35 useb useb 4096 Aug 24 09:18 .. -rw------- 1 useb useb 796 Aug 24 09:24 authorized_keys -rw------- 1 useb useb 1675 Jul 27 16:09 id_rsa -rw-r--r-- 1 useb useb 397 Jul 27 16:09 id_rsa.pub -rw-r--r-- 1 useb useb 1183 Aug 11 13:57 known_hosts
這樣做完之后我們就可以免密碼登錄了
[usera@serverA ~]$ ssh userb@10.124.84.20
另外,將公鑰拷貝到服務(wù)器的~/.ssh/authorized_keys文件中方法有如下幾種:
1、將公鑰通過(guò)scp拷貝到服務(wù)器上,然后追加到~/.ssh/authorized_keys文件中,這種方式比較麻煩。scp -P 22 ~/.ssh/id_rsa.pub user@host:~/。
2、通過(guò)ssh-copy-id程序,就是我演示的方法,ssh-copyid user@host即可
3、可以通過(guò)cat ~/.ssh/id_rsa.pub | ssh -p 22 user@host ‘cat >> ~/.ssh/authorized_keys',這個(gè)也是比較常用的方法,因?yàn)榭梢愿亩丝谔?hào)。
看完上述內(nèi)容,是不是對(duì)ssh免密碼登錄配置方法的詳細(xì)解析有進(jìn)一步的了解,如果還想學(xué)習(xí)更多內(nèi)容,歡迎關(guān)注億速云行業(yè)資訊頻道。
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。